Wavyzz/dolibarr-fork
2
0
Fork 0
forked from Wavyzz/dolibarr
Code Pull Requests Activity

Protect param extName

Browse Source
This commit is contained in:
Laurent Destailleur
2024-09-05 10:03:00 +02:00
parent b2762be57d
commit 4f48a08d1b
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
htdocs/core/lib/functions.lib.php
View File

@@ -11561,7 +11561,11 @@ function getImageFileNameForSize($file, $extName, $extImgTarget = '')
$dirName = '';
}
$fileName = preg_replace('/(\.gif|\.jpeg|\.jpg|\.png|\.bmp|\.webp)$/i', '', $file); // We remove extension, whatever is its case
if (!in_array($extName, array('', '_small', '_mini'))) {
return 'Bad parameter extName';
}
$fileName = preg_replace('/(\.gif|\.jpeg|\.jpg|\.png|\.bmp|\.webp)$/i', '', $file); // We remove image extension, whatever is its case
$fileName = basename($fileName);
if (empty($extImgTarget)) {